Evaluating FMEA, FMECA and FMEDA

FMEA, FMECA and FMEDA have much in common, and a few critical differences

From a methodology point of view, failure modes and effects analysis (FMEA); failure modes, effects and criticality analysis (FMECA); and failure modes, effects and diagnostics analysis (FMEDA) are the same thing. FMEA is a methodology to identify the ways a product, safety device, process or system can fail (see IEC 60812).

FMECA is an extension of FMEA. In addition to FMEA, FMECA ranks the identified failure modes in order of importance, according to calculation of one of two indexes: risk priority number (RPN) or criticality (C).

FMEDA is a systematic, detailed procedure that is an extension of the classic FMEA. Its purpose is to calculate the failure rates of a target system, which can be a device or group of devices that perform a more complex function. This methodology was first developed for electronics and recently extended to mechanical and electromechanical devices.

Common concepts and methodology

FMEA, FMECA and FMEDA share the same basic concepts of component, device and arrangement of devices. A safety instrumented function (SIF) consists of several devices that shall execute a safety action to protect a machine, equipment or process plant from the consequences of a hazard. For example, the devices in a SIF can be a transmitter, isolator, logic solver, motor contactor, etc.

Each device is built with components. For example, a transmitter is built with components such as gaskets, bolts, membrane, electronic circuit, etc. A valve actuator is built with components such as gaskets, O-ring seal, stems, shaft, yoke, guide bar bearing, inner end cap, diaphragm, piston, etc.

An arrangement of devices can simply be considered one combined device for the implementation of a SIF. For example, an actuator-positioner-valve is an arrangement of devices that can be considered the final safety element of a SIF. Other arrangements of devices would be solenoid valves with a pressure transmitter for monitoring and diagnostics, or a power supply, isolation circuit and microprocessor for a PLC.

Components, devices and arrangements of devices can be part of the target system for a FMEA, FMECA or FMEDA assessment.

FMEA, FMECA and FMEDA share a common methodology. The common methodology can be applied prior to or during the design, construction or final installation of the target system. It analyzes and reviews the failure modes of each component that is part of a device in order to rank the chance of failure of all components.

When the methodology is applied to an arrangement of devices, in addition to identifying failure modes and effects, a reliability block diagram of that arrangement “shall be developed to evaluate the interaction among the devices” per IEC-61078.

The target system can be a simple device, such as a solenoid valve, actuator or exhaust valve, or a complex device, where some device components are complex enough to consider as devices themselves. For example, if the target system is an airplane, the global positioning system, propulsion system and life support system are components of the airplane that are managed as devices.

When establishing an analysis scenario, bear in mind that the way a device or arrangement fails in one operation/environment condition can change when the same device or arrangement is working in a different operation/environment condition: for example, a motor normally running vs. normally stopped, a fail-close actuator/positioner/valve (APV) normally opened vs. normally closed, or a mechanical device that is critical in cryogenic conditions vs. 0 to 100 °C operation.

From the scenarios and the target system structure, decide the cases for assessment. For example, for an APV, basic assessment cases can be: fail-open APV (open to trip) with full valve stroke test (FVST); fail-open APV (open to trip) with no FVST; fail-open APV (close to trip) with FVST; and fail-open APV (close to trip) with no FVST.

For each simple device, develop a FME table and apply it to each analysis scenario in the study. The structure of the FME table can vary between a FMEA, FMECA and FMEDA. The FME table structure can also vary according to the nature of the target system, and it is filled in by an FMEA/FMECA/FMEDA specialist (FME specialist).

Next, a review/analysis session, as in a HAZOP, shall be performed to allow all representatives involved in the project, manufacturing or operation of the target system to review and adjust the pre-filled FME table. The pre-filled FME tables are provided to session participants before the session. Individual comments should be noted, but in general they should not be acted on before the session, because it is better and less time-consuming to evaluate the integrated opinion of all session participants and look for conclusions that consider all points of view.

The result of the failure modes and effects study is a report with all reviewed/adjusted FME tables and conclusions/decisions about the target system. If the target system is modified after the study session, the procedure should be repeated. However, minor changes can be evaluated separately by the relevant FME specialist.

While the steps through FME study are essentially the same for FMEA, FMECA and FMEDA, the assessment and results are different.

Uncommon ends

Because they are sensitive to the nature of the target system and analysis scenarios, there is not enough space here to detail the many possible different structures of the FME tables for FMEA, FMECA and FMEDA assessments. In general, a FMEA focuses on all the ways a target system can fail. These ways are the failure modes, and one failure mode can have several failure effects.

FMECA assessment results include the FMEA results and the ranking of all FMEs. This ranking is used to identify the components (or devices) with the highest impact on target system reliability, where changes or enhancements are typically required to improve safety indexes such as average probability of failure on demand (PFDavg), average frequency of dangerous failure per hour (PFHavg), mean time to fail spuriously (MTTFs) or mean time to fail dangerously (MTTFd).

The FMECA can be developed to provide a qualitative or quantitative assessment, and in both cases, it should provide a target system criticality matrix to show graphically which components (or devices) have higher and lower impact on the target system reliability.

FMEDA assessment results include the FMEA results and target system reliability data. This data can be used for target system SIL verification, SIL certification, or as the target system's contribution when calculating a SIF's SIL rating.

The reliability data is provided as the quantification (typically in failures per billion hours, FIT) of:

Safe detected failure rate: Rate of failures that move the target system from its normal operating condition to the safe state, where the safety/control system or operator can be notified. The target plant or equipment is protected.

Safe undetected failure rate: Rate of failures that move the target system from its normal operating condition to the safe state, where the safety/control system or operator will not be notified. The target plant or equipment is still protected.

Dangerous detected failure rate: Rate of failures that leave the target system in its normal state when a demand happens, but where the safety/control system or operator can be notified to fix the problem or apply maintenance. The target plant or equipment is not protected, but the problem is identified, and there is a chance to fix the failure before a demand occurs.

Dangerous undetected failure rate: Rate of failures that leave the target system in its normal state when a demand happens, and where the safety/control system or operator will not be notified. The target plant or equipment is not protected, the problem is hidden, and the only chance to identify and fix the failure is when a proof test is performed. If required, FMEDA assessment can reveal which portion of dangerous undetected failures can be identified by the proof test; in other words, FMEDA assessment can provide the proof test effectiveness (Et) or proof test coverage (PTC) of the proof test applied to the target system.

Annunciation failure rate: Rate of failures that do not affect the target system's safety performance, i.e. its ability to move its operating condition from normal to safe state. For example, a failure of a transmitter's local display.

No effect failure rate: Rate of any other identified failures that make the target system fail neither safely nor dangerously.
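As an added worked example (not code from the article), the following Python aggregates a constructed FMEDA table into the six categories above and derives the indexes the article names (PFDavg, MTTFs, MTTFd, proof test coverage). The PFDavg formula is the simplified 1oo1 low-demand approximation in the style of IEC 61508-6; the FIT values, component names and function names are assumptions of this example.

```python
# Aggregate a constructed FMEDA table and derive PFDavg, MTTFs, MTTFd and PTC.
from dataclasses import dataclass

FIT = 1e-9  # 1 FIT = one failure per 10^9 hours

@dataclass(frozen=True)
class FailureMode:
    component: str
    mode: str
    rate_fit: float
    category: str  # "SD", "SU", "DD", "DU", "ANN" (annunciation), "NE" (no effect)
    proof_test_detects: bool = False  # DU modes only: revealed by the proof test?

# Constructed rows for one fail-close actuator/positioner/valve; not real product data.
SAMPLE_FMEDA = [
    FailureMode("solenoid", "coil open circuit", 120, "SD"),
    FailureMode("spring", "spring break", 30, "SU"),
    FailureMode("positioner", "feedback sensor drift", 200, "DD"),
    FailureMode("valve", "stem seized", 80, "DU", proof_test_detects=True),
    FailureMode("valve", "seat leakage", 40, "DU", proof_test_detects=False),
    FailureMode("positioner", "local display blank", 50, "ANN"),
    FailureMode("enclosure", "paint blister", 10, "NE"),
]

def sum_rate(rows, category):
    return sum(r.rate_fit for r in rows if r.category == category) * FIT

def proof_test_coverage(rows):
    du = [r for r in rows if r.category == "DU"]
    total = sum(r.rate_fit for r in du)
    return sum(r.rate_fit for r in du if r.proof_test_detects) / total if total else 1.0

def reliability_indexes(rows, proof_test_interval_h=8760, lifetime_h=87600, mttr_h=8):
    l_sd, l_su, l_dd, l_du = (sum_rate(rows, c) for c in ("SD", "SU", "DD", "DU"))
    ptc = proof_test_coverage(rows)
    # 1oo1 low-demand approximation used here (an assumption of this example, not the
    # article's): DU faults the proof test reveals accumulate over the test interval,
    # the rest over the device lifetime, and DD faults are repaired within MTTR.
    pfd_avg = (l_du * ptc * proof_test_interval_h / 2
               + l_du * (1 - ptc) * lifetime_h / 2
               + l_dd * mttr_h)
    return {
        "lambda_S_fit": (l_sd + l_su) / FIT,
        "lambda_D_fit": (l_dd + l_du) / FIT,
        "diagnostic_coverage_dangerous": l_dd / (l_dd + l_du),
        "proof_test_coverage": ptc,
        "MTTFs_years": 1 / ((l_sd + l_su) * 8760),
        "MTTFd_years": 1 / ((l_dd + l_du) * 8760),
        "PFDavg": pfd_avg,
    }
```

Annunciation and no-effect rows are deliberately left out of every index, matching the definitions above; with the sample numbers PFDavg lands in the SIL 2 band for low-demand mode.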